Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 904250 (CVE-2023-29479, CVE-2023-29480) - <dev-util/librnp-0.16.3: Multiple vulnerabilities
Summary: <dev-util/librnp-0.16.3: Multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2023-29479, CVE-2023-29480
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2023-04-13 04:11 UTC by Sam James
Modified: 2023-04-30 23:29 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-04-13 04:11:25 UTC
From 0.16.3 release notes:
    Fixed issue with possible hang on malformed inputs (CVE-2023-29479).
    Fixed issue where in some cases, secret keys remain unlocked after use (CVE-2023-29480).
Comment 1 Larry the Git Cow gentoo-dev 2023-04-13 05:55:17 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1ee9c4190e2ce8af9ee0d8545a198f16d8954b05

commit 1ee9c4190e2ce8af9ee0d8545a198f16d8954b05
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2023-04-13 05:40:17 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2023-04-13 05:55:14 +0000

    dev-util/librnp: add 0.16.3
    
    Bug: https://bugs.gentoo.org/904250
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 dev-util/librnp/Manifest             |  1 +
 dev-util/librnp/librnp-0.16.3.ebuild | 73 ++++++++++++++++++++++++++++++++++++
 2 files changed, 74 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2023-04-13 13:36:22 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=87026f7144840af2e6b1efb370a170dec6afa4f6

commit 87026f7144840af2e6b1efb370a170dec6afa4f6
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2023-04-13 11:22:40 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2023-04-13 13:36:17 +0000

    dev-util/librnp: stabilize 0.16.3 for x86
    
    Bug: https://bugs.gentoo.org/904250
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 dev-util/librnp/librnp-0.16.3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a102a388524f59bac0ea069b5b2645abe2180f9b

commit a102a388524f59bac0ea069b5b2645abe2180f9b
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2023-04-13 11:22:28 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2023-04-13 13:36:17 +0000

    dev-util/librnp: stabilize 0.16.3 for amd64
    
    Bug: https://bugs.gentoo.org/904250
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 dev-util/librnp/librnp-0.16.3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 3 Larry the Git Cow gentoo-dev 2023-04-15 06:19:00 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f624875e395e3852bd41dc29e9d141a113ba3472

commit f624875e395e3852bd41dc29e9d141a113ba3472
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2023-04-15 06:16:53 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2023-04-15 06:18:56 +0000

    dev-util/librnp: drop 0.16.2
    
    Bug: https://bugs.gentoo.org/904250
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 dev-util/librnp/Manifest             |  1 -
 dev-util/librnp/librnp-0.16.2.ebuild | 73 ------------------------------------
 2 files changed, 74 deletions(-)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-30 23:29:48 UTC
Thanks!